Cloud Security Requires Vigilance and a Layered Risk Mitigation Strategy

Each time a spectacular data breach happens, interest in cloud and information security spikes, and companies call us with their concerns and look for help in securing their data and applications. Soon, it’s back to business as normal. For many organizations, the convenience, economy, and flexibility of the cloud are of such high value that they tend to disregard potential security risks. That’s dangerous. Malware, hackers, scammers, even disgruntled employees are racing to stay abreast of cloud security technology. Even your most comprehensive security strategy will become outdated soon. You need to review it regularly with a view to addressing emerging vulnerabilities.

Contenders for the Most Damaging Liability

As highlighted in a still-current InfoWorld article, the Cloud Security Alliance (CSA) draws attention to a dozen different cloud computing risks. We see these in our practice, too, but not all of them have the same damaging impact. While data breaches are the CSA’s top item, we find that their number two, compromised credentials and broken authentication, is just as troublesome for the companies we meet.

The InfoWorld writer says, “Organizations often struggle with identity management as they try to allocate permissions appropriate to the user’s job role. More important, they sometimes forget to remove user access when a job function changes or a user leaves the organization.”

One entry on the CSA list, exploited system vulnerabilities, is particularly insidious because it can be partly automated with bots. Pirates and hackers targeting cloud companies use extremely efficient tools to harvest valuable data and intellectual property. You need to shore up your cloud ERP and other systems without making them difficult to use, a balance we can help you strike.

Complacency is harmful when it comes to protecting your data, intellectual property, and applications in the cloud. The risks are real, and changing quickly. But you can address them with the powerful tools and best practices available today. Many companies leave aside key aspects of cloud security; for example, they may not think about protection for the physical data center or networking communications.

Multiple Layers of Cloud Security

The basics of how to plan and implement a cloud security plan are still as discussed by ERP Cloud News a few years ago. This is critical because some companies only consider the security of their applications, databases, and servers. However, you should also think about keeping these elements safe:

  • Physical data center and networking hardware
  • Data storage devices and networks
  • Data transmission protocols
  • Perimeter and network edge

We also recommend talking to your cloud service provider and checking your service contract so you can be clear on what your security responsibilities are and what you can expect from your vendor.

Redundancy Across the World’s Regions

As companies and the cloud transcend geographic and national boundaries, security needs to follow suit. Geo-redundancy enables systems to recover from a potential disaster by putting networks and data center resources in multiple regions to work.

As ERP Software Blog rightly says, “If a cloud provider uses a single datacenter with no data replication to other diverse locations, then there is no ability to recover from a geographic event.” Leading providers build layered, distributed infrastructures across the world’s regions to ensure this protection for their clients. Be sure to verify what your vendor or prospective provider offers in terms of geo-redundancy for the cloud.

Keep in mind that cloud security is a shared responsibility between you and the cloud service provider. If you don’t define and enforce your own policies and controls, you are putting your data and business viability at risk. Get in touch with the Sikich cloud team if you want some help making your cloud apps and data secure and creating effective best practices for cloud security.
